
Pests of all kinds and their removal: Strong suspicion of virus/trojan

Windows 7 If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

30.04.2012, 13:13   #1
Krystalic
 
Strong suspicion of virus/trojan

Hello!
I noticed that my PC has become noticeably slower over the last few days. Also, about 2 weeks ago my antivirus (Avast) found a trojan, which was deleted, so I thought everything was okay again.

Well, I have now run the 3 programs as described in the guide and attached the log files. I hope you can help me!

Regards

Hmm, did I do something wrong? I don't want to be a nuisance, but I think my thread is slowly sinking
Attached files
File type: zip Desktop.zip (11.9 KB, 86 views)

Last edited by Da GuRu (30.04.2012 at 19:06) Reason: Strong suspicion of virus/trojan

30.04.2012, 20:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Strong suspicion of virus/trojan

Quote:
Also, about 2 weeks ago my antivirus (Avast) found a trojan,
Nice, and where is the log for that?

Please post everything in CODE tags here where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

30.04.2012, 20:55   #3
Krystalic
 
Strong suspicion of virus/trojan

Avast Reports:

Code:
C:\Users\****\AppData\Local\Temp\cgs8h0.exe Threat: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h1.exe Threat: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h2.exe Threat: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h3.exe Threat: Win32:Rootkit-gen [Rtk]
         
defogger_disable:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:21 on 30/04/2012 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
DDS:

DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30
Run by **** at 12:22:49 on 2012-04-30
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3583.2406 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [PlayNC Launcher] 
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [VIAAUD] c:\program files\via\viaudioi\vdeck\VIAAUD.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\****\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\57E6A756E6762757265627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\64259445A51224F6870275C414E40233033303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\16577656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\D496B6B6F6C69636A71224F68702 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593} : DhcpNameServer = 192.168.2.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\****\appdata\roaming\mozilla\firefox\profiles\wxoysspe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: network.proxy.http - 70.89.2.57
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\****\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-18 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-18 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-16 218688]
R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [2010-8-10 11392]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-6 163328]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-12-5 291840]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2011-6-24 39424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-18 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-18 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-25 44768]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-30 2358656]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-6-1 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-6 9067008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-6 264192]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2011-10-27 1559552]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-11-23 131856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1108480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2012-1-7 95304]
S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\drivers\wg111v3.sys [2011-7-8 376832]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 583680]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2012-03-24 22:43:28	314880	----a-w-	c:\windows\system32\fmodex.dll
2012-03-06 23:15:19	41184	----a-w-	c:\windows\avastSS.scr
2012-03-06 23:03:51	612184	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:02:14	44376	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01:48	57688	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 05:59:41	3958128	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-06 05:59:41	3902320	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-01 05:53:27	19312	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49:05	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 05:45:05	158720	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 05:40:44	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-28 01:18:55	1799168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 01:11:21	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 01:03:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 05:44:57	826368	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43	177152	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18	24064	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41:38	1074176	----a-w-	c:\windows\system32\DWrite.dll
2012-02-10 05:41:20	218624	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20	1170944	----a-w-	c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19	739840	----a-w-	c:\windows\system32\d2d1.dll
2012-02-03 04:01:58	2341376	----a-w-	c:\windows\system32\win32k.sys
.
============= FINISH: 12:23:15,06 ===============
         


Attach:
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 01.06.2011 19:12:03
System Uptime: 30.04.2012 11:58:03 (1 hours ago)
.
Motherboard: ASRock |  | N68-S3 UCC
Processor: AMD Phenom(tm) II X6 1055T Processor | CPUSocket | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 395,408 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP187: 17.04.2012 23:12:30 - Windows Update
RP188: 21.04.2012 03:32:02 - Windows Update
RP189: 24.04.2012 17:53:41 - Windows Update
RP190: 27.04.2012 20:02:31 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1) - Deutsch
Aion
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
ASIO4ALL
µTorrent
Audiosurf
avast! Free Antivirus
Battlefield Play4Free
Belkin Connect Wireless USB Adapter
Bully Scholarship Edition
Camtasia Studio 7
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CPUCooL (remove only)
Curse Client
D3DX10
DAEMON Tools Lite
Diablo III Beta
DIE SIEDLER - Das Erbe der Könige
EVE Online (remove only)
Fallout New Vegas
FL Studio 10
FL Studio 9
Forsaken World 
Fraps (remove only)
Free YouTube to MP3 Converter version 3.10.5.722
Garena 2010
GIMP 2.6.11
Global Agenda
GUILD WARS
Half-Life 2
Half-Life 2: Episode One
Hardcore
Hydra VSTi/DXi v1.2
IL Download Manager
ILLUSION RapeLay
iZotope Ozone 4
JA Launcher
Java Auto Updater
Java(TM) 6 Update 30
JDownloader 0.9
League of Legends
LogMeIn Hamachi
LOLReplay
Malwarebytes Anti-Malware Version 1.60.1.1000
Mass Effect 2 German
Messenger Plus! 5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 4.0
MotioninJoy ds3 driver version 0.6.0005
Mozilla Firefox 11.0 (x86 de)
MSVCRT
MTA:SA v1.0.5
NCsoft Launcher
NETGEAR WG111v3 wireless USB 2.0 adapter
NVIDIA Drivers
NVIDIA PhysX
Ohm Force - Ohmicide VST
Orcs Must Die!
Pando Media Booster
Platform
PoiZone
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
reFX Nexus VSTi RTAS v2.2.0
Sandboxie 3.62 (32-bit)
Sawer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sonic Charge µTonic VSTi v2.0.1
Spiral Knights
Supreme Commander
Supreme Commander 2
Supreme Commander: Forged Alliance
Sylenth1 v2.20
TeamSpeak 3 Client
TeamViewer 6
Terraria
thriXXX 3DSexVilla2-114.001
TmNationsForever
Toxic Biohazard
TP-LINK Drahtlos Tool
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VIA Plattform-Geräte-Manager
VirtualDJ Home FREE
Vista Anti-Lag 1.1.1
VLC media player 1.1.10
Waves Diamond Bundle v5.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-Bit)
World of Warcraft
X-Universe Plugin Manager V1.30 by Cycrow
X3 Terran Conflict v3.1
.
==== End Of File ===========================
         
GMER:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-30 13:09:53
Windows 6.1.7600  Harddisk0\DR0 -> \Device\00000069 SAMSUNG_ rev.1AJ1
Running: v7pnp6d1.exe; Driver: C:\Users\****\AppData\Local\Temp\kxldqpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwAddBootEntry [0x9203CDF8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwAllocateVirtualMemory [0x92384A5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwAssignProcessToJobObject [0x9203D85E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateEvent [0x920422E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateEventPair [0x92042330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateIoCompletion [0x92042422]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateMutant [0x92042252]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateSection [0x92042374]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateSemaphore [0x9204229A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwCreateTimer [0x920423DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwDeleteBootEntry [0x9203CE44]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwFreeVirtualMemory [0x92384B34]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwLoadDriver [0x9203CAD6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwModifyBootEntry [0x9203CE90]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwNotifyChangeKey [0x9203FD1C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwNotifyChangeMultipleKeys [0x9203DB02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenEvent [0x9204230E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenEventPair [0x92042352]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenIoCompletion [0x92042446]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenMutant [0x92042278]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenSection [0x920423AE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenSemaphore [0x920422C2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwOpenTimer [0x92042400]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwProtectVirtualMemory [0x92384CA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwQueryObject [0x9203D9CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwSetBootEntryOrder [0x9203CEDC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwSetBootOptions [0x9203CF28]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwSetSystemInformation [0x9203CB46]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwSetSystemPowerState [0x9203CCEA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwShutdownSystem [0x9203CC92]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwSystemDebugControl [0x9203CD5A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwTerminateProcess [0x92384D60]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                 ZwVdmControl [0x9203CF74]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwWriteVirtualMemory [0x92384BE0]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ZwCreateProcessEx [0x9239AD92]
Code            9A668BFC                                                                                                              ZwTraceEvent
Code            9A668BFB                                                                                                              NtTraceEvent
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                 ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!NtTraceEvent                                                                                             82E71E24 5 Bytes  JMP 9A668C00 
.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                       82E825C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                82EA7092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 244                                                                                   82EAE884 4 Bytes  [F8, CD, 03, 92] {CLC ; INT 0x3; XCHG EDX, EAX}
.text           ntkrnlpa.exe!RtlSidHashLookup + 26C                                                                                   82EAE8AC 4 Bytes  [5A, 4A, 38, 92]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2CC                                                                                   82EAE90C 2 Bytes  [5E, D8]
.text           ntkrnlpa.exe!RtlSidHashLookup + 2CF                                                                                   82EAE90F 1 Byte  [92]
.text           ntkrnlpa.exe!RtlSidHashLookup + 320                                                                                   82EAE960 8 Bytes  [E4, 22, 04, 92, 30, 23, 04, ...] {IN AL, 0x22; ADD AL, 0x92; XOR [EBX], AH; ADD AL, 0x92}
.text           ...                                                                                                                   
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                    830483BE 5 Bytes  JMP 92397C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                      830620CD 5 Bytes  JMP 92399764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                           830AC75A 4 Bytes  CALL 9203E1B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                                            830B474B 5 Bytes  JMP 9A668DE0 
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                          830B486B 4 Bytes  CALL 9203E1CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort + 2                                                                               830B6173 5 Bytes  JMP 9A668D40 
PAGE            ntkrnlpa.exe!NtRequestPort + 2                                                                                        830CA3D9 5 Bytes  JMP 9A668CA0 
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                        8311A4FE 7 Bytes  JMP 9239AD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                              section is writeable [0x9623A000, 0x3C12C5, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                section is writeable [0x95DB5300, 0x1BCE, 0xE8000020]
?               C:\Users\****\AppData\Local\Temp\mbr.sys                                                                              The system cannot find the file specified. !
.text           kernel32.dll!GetBinaryTypeW + 70                                                                                      769278FC 1 Byte  [62]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[388] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[388] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[388] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 70                                                   769278FC 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000303FC 
.text           C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000301F8 
.text           C:\Windows\system32\wininit.exe[512] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[512] USER32.dll!UnhookWindowsHookEx                                                   767CCC7B 5 Bytes  JMP 000C0A08 
.text           C:\Windows\system32\wininit.exe[512] USER32.dll!UnhookWinEvent                                                        767CD924 5 Bytes  JMP 000C03FC 
.text           C:\Windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExW                                                     767D210A 5 Bytes  JMP 000C0804 
.text           C:\Windows\system32\wininit.exe[512] USER32.dll!SetWinEventHook                                                       767D507E 5 Bytes  JMP 000C01F8 
.text           C:\Windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExA                                                     767F6DFA 5 Bytes  JMP 000C0600 
.text           C:\Windows\system32\csrss.exe[520] kernel32.dll!GetBinaryTypeW + 70                                                   769278FC 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] ntdll.dll!LdrUnloadDll                  77ADBD1F 5 Bytes  JMP 000A03FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] ntdll.dll!LdrLoadDll                    77ADF425 5 Bytes  JMP 000A01F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] kernel32.dll!GetBinaryTypeW + 70        769278FC 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!UnhookWindowsHookEx          767CCC7B 5 Bytes  JMP 000D0A08 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!UnhookWinEvent               767CD924 5 Bytes  JMP 000D03FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWindowsHookExW            767D210A 5 Bytes  JMP 000D0804 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWinEventHook              767D507E 5 Bytes  JMP 000D01F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWindowsHookExA            767F6DFA 5 Bytes  JMP 000D0600 
.text           C:\Windows\system32\services.exe[560] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\services.exe[560] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\services.exe[560] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\lsass.exe[580] ntdll.dll!LdrUnloadDll                                                             77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\lsass.exe[580] ntdll.dll!LdrLoadDll                                                               77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\lsass.exe[580] kernel32.dll!GetBinaryTypeW + 70                                                   769278FC 1 Byte  [62]
.text           C:\Windows\system32\lsass.exe[580] USER32.dll!UnhookWindowsHookEx                                                     767CCC7B 5 Bytes  JMP 001D0A08 
.text           C:\Windows\system32\lsass.exe[580] USER32.dll!UnhookWinEvent                                                          767CD924 5 Bytes  JMP 001D03FC 
.text           C:\Windows\system32\lsass.exe[580] USER32.dll!SetWindowsHookExW                                                       767D210A 5 Bytes  JMP 001D0804 
.text           C:\Windows\system32\lsass.exe[580] USER32.dll!SetWinEventHook                                                         767D507E 5 Bytes  JMP 001D01F8 
.text           C:\Windows\system32\lsass.exe[580] USER32.dll!SetWindowsHookExA                                                       767F6DFA 5 Bytes  JMP 001D0600 
.text           C:\Windows\system32\lsm.exe[588] ntdll.dll!LdrUnloadDll                                                               77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\lsm.exe[588] ntdll.dll!LdrLoadDll                                                                 77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\lsm.exe[588] kernel32.dll!GetBinaryTypeW + 70                                                     769278FC 1 Byte  [62]
.text           C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000303FC 
.text           C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000301F8 
.text           C:\Windows\system32\winlogon.exe[728] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 000C0A08 
.text           C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 000C03FC 
.text           C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 000C0804 
.text           C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 000C01F8 
.text           C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 000C0600 
.text           C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[760] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\system32\atiesrxx.exe[916] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 001603FC 
.text           C:\Windows\system32\atiesrxx.exe[916] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 001601F8 
.text           C:\Windows\system32\atiesrxx.exe[916] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\atiesrxx.exe[916] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 002F0A08 
.text           C:\Windows\system32\atiesrxx.exe[916] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 002F03FC 
.text           C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 002F0804 
.text           C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 002F01F8 
.text           C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 002F0600 
.text           C:\Windows\system32\AUDIODG.EXE[940] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000A03FC 
.text           C:\Windows\system32\AUDIODG.EXE[940] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000A01F8 
.text           C:\Windows\system32\AUDIODG.EXE[940] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!UnhookWindowsHookEx                                                   767CCC7B 5 Bytes  JMP 00140A08 
.text           C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!UnhookWinEvent                                                        767CD924 5 Bytes  JMP 001403FC 
.text           C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWindowsHookExW                                                     767D210A 5 Bytes  JMP 00140804 
.text           C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWinEventHook                                                       767D507E 5 Bytes  JMP 001401F8 
.text           C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWindowsHookExA                                                     767F6DFA 5 Bytes  JMP 00140600 
.text           C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrUnloadDll                                                           77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrLoadDll                                                             77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 70                                                 769278FC 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[984] USER32.dll!UnhookWindowsHookEx                                                   767CCC7B 5 Bytes  JMP 002B0A08 
.text           C:\Windows\System32\svchost.exe[984] USER32.dll!UnhookWinEvent                                                        767CD924 5 Bytes  JMP 002B03FC 
.text           C:\Windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExW                                                     767D210A 5 Bytes  JMP 002B0804 
.text           C:\Windows\System32\svchost.exe[984] USER32.dll!SetWinEventHook                                                       767D507E 5 Bytes  JMP 002B01F8 
.text           C:\Windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExA                                                     767F6DFA 5 Bytes  JMP 002B0600 
.text           C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00940A08 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 009403FC 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00940804 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 009401F8 
.text           C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00940600 
.text           C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00AF0A08 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 00AF03FC 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00AF0804 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 00AF01F8 
.text           C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00AF0600 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] ntdll.dll!LdrUnloadDll                                                    77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] ntdll.dll!LdrLoadDll                                                      77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] kernel32.dll!GetBinaryTypeW + 70                                          769278FC 1 Byte  [62]
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!UnhookWindowsHookEx                                            767CCC7B 5 Bytes  JMP 00110A08 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!UnhookWinEvent                                                 767CD924 5 Bytes  JMP 001103FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWindowsHookExW                                              767D210A 5 Bytes  JMP 00110804 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWinEventHook                                                767D507E 5 Bytes  JMP 001101F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWindowsHookExA                                              767F6DFA 5 Bytes  JMP 00110600 
.text           C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00570A08 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 005703FC 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00570804 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 005701F8 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00570600 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrUnloadDll                                                   77ADBD1F 5 Bytes  JMP 000903FC 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrLoadDll                                                     77ADF425 5 Bytes  JMP 000901F8 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] kernel32.dll!GetBinaryTypeW + 70                                         769278FC 1 Byte  [62]
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWindowsHookEx                                           767CCC7B 5 Bytes  JMP 00230A08 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWinEvent                                                767CD924 5 Bytes  JMP 002303FC 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExW                                             767D210A 5 Bytes  JMP 00230804 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWinEventHook                                               767D507E 5 Bytes  JMP 002301F8 
.text           C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExA                                             767F6DFA 5 Bytes  JMP 00230600 
.text           C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\atieclxx.exe[1432] ntdll.dll!LdrUnloadDll                                                         77ADBD1F 5 Bytes  JMP 001603FC 
.text           C:\Windows\system32\atieclxx.exe[1432] ntdll.dll!LdrLoadDll                                                           77ADF425 5 Bytes  JMP 001601F8 
.text           C:\Windows\system32\atieclxx.exe[1432] kernel32.dll!GetBinaryTypeW + 70                                               769278FC 1 Byte  [62]
.text           C:\Windows\system32\atieclxx.exe[1432] USER32.dll!UnhookWindowsHookEx                                                 767CCC7B 5 Bytes  JMP 00180A08 
.text           C:\Windows\system32\atieclxx.exe[1432] USER32.dll!UnhookWinEvent                                                      767CD924 5 Bytes  JMP 001803FC 
.text           C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWindowsHookExW                                                   767D210A 5 Bytes  JMP 00180804 
.text           C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWinEventHook                                                     767D507E 5 Bytes  JMP 001801F8 
.text           C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWindowsHookExA                                                   767F6DFA 5 Bytes  JMP 00180600 
.text           C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter                     769130E2 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!GetBinaryTypeW + 70                             769278FC 1 Byte  [62]
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] ntdll.dll!LdrUnloadDll                              77ADBD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] ntdll.dll!LdrLoadDll                                77ADF425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] kernel32.dll!GetBinaryTypeW + 70                    769278FC 1 Byte  [62]
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!UnhookWindowsHookEx                      767CCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!UnhookWinEvent                           767CD924 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWindowsHookExW                        767D210A 5 Bytes  JMP 001F0804 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWinEventHook                          767D507E 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWindowsHookExA                        767F6DFA 5 Bytes  JMP 001F0600 
.text           C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\spoolsv.exe[1744] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00090A08 
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 000903FC 
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExW                                                    767D210A 3 Bytes  JMP 00090804 
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExW + 4                                                767D210E 1 Byte  [89]
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWinEventHook                                                      767D507E 3 Bytes  JMP 000901F8 
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWinEventHook + 4                                                  767D5082 1 Byte  [89]
.text           C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00090600 
.text           C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1772] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1772] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00210A08 
.text           C:\Windows\system32\svchost.exe[1772] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 002103FC 
.text           C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00210804 
.text           C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 002101F8 
.text           C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00210600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] ntdll.dll!LdrUnloadDll                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] ntdll.dll!LdrLoadDll                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] kernel32.dll!GetBinaryTypeW + 70                769278FC 1 Byte  [62]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!UnhookWindowsHookEx                  767CCC7B 5 Bytes  JMP 00090A08 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!UnhookWinEvent                       767CD924 5 Bytes  JMP 000903FC 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExW                    767D210A 3 Bytes  JMP 00090804 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExW + 4                767D210E 1 Byte  [89]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWinEventHook                      767D507E 3 Bytes  JMP 000901F8 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWinEventHook + 4                  767D5082 1 Byte  [89]
.text           C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExA                    767F6DFA 5 Bytes  JMP 00090600 
.text           C:\Users\****\Desktop\v7pnp6d1.exe[1876] kernel32.dll!GetBinaryTypeW + 70                                             769278FC 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] ntdll.dll!LdrUnloadDll                  77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] ntdll.dll!LdrLoadDll                    77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] kernel32.dll!GetBinaryTypeW + 70        769278FC 1 Byte  [62]
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!UnhookWindowsHookEx          767CCC7B 5 Bytes  JMP 000A0A08 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!UnhookWinEvent               767CD924 5 Bytes  JMP 000A03FC 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWindowsHookExW            767D210A 5 Bytes  JMP 000A0804 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWinEventHook              767D507E 5 Bytes  JMP 000A01F8 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWindowsHookExA            767F6DFA 5 Bytes  JMP 000A0600 
.text           C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1916] KERNEL32.dll!GetBinaryTypeW + 70          769278FC 1 Byte  [62]
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] ntdll.dll!LdrUnloadDll                                           77ADBD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] ntdll.dll!LdrLoadDll                                             77ADF425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] kernel32.dll!GetBinaryTypeW + 70                                 769278FC 1 Byte  [62]
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!UnhookWindowsHookEx                                   767CCC7B 5 Bytes  JMP 002F0A08 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!UnhookWinEvent                                        767CD924 5 Bytes  JMP 002F03FC 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWindowsHookExW                                     767D210A 5 Bytes  JMP 002F0804 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWinEventHook                                       767D507E 5 Bytes  JMP 002F01F8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWindowsHookExA                                     767F6DFA 5 Bytes  JMP 002F0600 
.text           C:\Windows\system32\wuauclt.exe[1960] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\wuauclt.exe[1960] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\wuauclt.exe[1960] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\wuauclt.exe[1960] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00100A08 
.text           C:\Windows\system32\wuauclt.exe[1960] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 001003FC 
.text           C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00100804 
.text           C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 001001F8 
.text           C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00100600 
.text           C:\Windows\system32\PnkBstrA.exe[2012] ntdll.dll!LdrUnloadDll                                                         77ADBD1F 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\PnkBstrA.exe[2012] ntdll.dll!LdrLoadDll                                                           77ADF425 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\PnkBstrA.exe[2012] kernel32.dll!GetBinaryTypeW + 70                                               769278FC 1 Byte  [62]
.text           C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!UnhookWindowsHookEx                                                 767CCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!UnhookWinEvent                                                      767CD924 5 Bytes  JMP 001F03FC 
.text           C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWindowsHookExW                                                   767D210A 5 Bytes  JMP 001F0804 
.text           C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWinEventHook                                                     767D507E 5 Bytes  JMP 001F01F8 
.text           C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWindowsHookExA                                                   767F6DFA 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!LdrLoadDll                                               77ADF425 5 Bytes  JMP 58259720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!MapViewOfFile                                         7690C05C 5 Bytes  JMP 5848E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!VirtualAlloc                                          76910594 5 Bytes  JMP 5848E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!GetBinaryTypeW + 70                                   769278FC 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2244] GDI32.dll!CreateDIBSection                                         76CC85F0 5 Bytes  JMP 5848E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Windows\System32\svchost.exe[2320] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[2320] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[2320] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[2320] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00210A08 
.text           C:\Windows\System32\svchost.exe[2320] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 002103FC 
.text           C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00210804 
.text           C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 002101F8 
.text           C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00210600 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] ntdll.dll!LdrUnloadDll                                    77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] ntdll.dll!LdrLoadDll                                      77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] kernel32.dll!GetBinaryTypeW + 70                          769278FC 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!UnhookWindowsHookEx                            767CCC7B 5 Bytes  JMP 001C0A08 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!UnhookWinEvent                                 767CD924 5 Bytes  JMP 001C03FC 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWindowsHookExW                              767D210A 5 Bytes  JMP 001C0804 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWinEventHook                                767D507E 5 Bytes  JMP 001C01F8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!GetWindowInfo                                  767D6A82 5 Bytes  JMP 583CFE0A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!TrackPopupMenu                                 767F4B3B 5 Bytes  JMP 583D03C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWindowsHookExA                              767F6DFA 5 Bytes  JMP 001C0600 
.text           C:\Windows\system32\taskhost.exe[2512] ntdll.dll!LdrUnloadDll                                                         77ADBD1F 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\taskhost.exe[2512] ntdll.dll!LdrLoadDll                                                           77ADF425 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\taskhost.exe[2512] kernel32.dll!GetBinaryTypeW + 70                                               769278FC 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[2512] USER32.dll!UnhookWindowsHookEx                                                 767CCC7B 5 Bytes  JMP 000E0A08 
.text           C:\Windows\system32\taskhost.exe[2512] USER32.dll!UnhookWinEvent                                                      767CD924 5 Bytes  JMP 000E03FC 
.text           C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWindowsHookExW                                                   767D210A 5 Bytes  JMP 000E0804 
.text           C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWinEventHook                                                     767D507E 5 Bytes  JMP 000E01F8 
.text           C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWindowsHookExA                                                   767F6DFA 5 Bytes  JMP 000E0600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2560] KERNEL32.dll!GetBinaryTypeW + 70                  769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrUnloadDll                                                          77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrLoadDll                                                            77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[2720] kernel32.dll!GetBinaryTypeW + 70                                                769278FC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2720] USER32.dll!UnhookWindowsHookEx                                                  767CCC7B 5 Bytes  JMP 00170A08 
.text           C:\Windows\system32\svchost.exe[2720] USER32.dll!UnhookWinEvent                                                       767CD924 5 Bytes  JMP 001703FC 
.text           C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWindowsHookExW                                                    767D210A 5 Bytes  JMP 00170804 
.text           C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWinEventHook                                                      767D507E 5 Bytes  JMP 001701F8 
.text           C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWindowsHookExA                                                    767F6DFA 5 Bytes  JMP 00170600 
.text           C:\Windows\system32\Dwm.exe[2876] ntdll.dll!LdrUnloadDll                                                              77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\Dwm.exe[2876] ntdll.dll!LdrLoadDll                                                                77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\Dwm.exe[2876] kernel32.dll!GetBinaryTypeW + 70                                                    769278FC 1 Byte  [62]
.text           C:\Windows\system32\Dwm.exe[2876] USER32.dll!UnhookWindowsHookEx                                                      767CCC7B 5 Bytes  JMP 000F0A08 
.text           C:\Windows\system32\Dwm.exe[2876] USER32.dll!UnhookWinEvent                                                           767CD924 5 Bytes  JMP 000F03FC 
.text           C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWindowsHookExW                                                        767D210A 5 Bytes  JMP 000F0804 
.text           C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWinEventHook                                                          767D507E 5 Bytes  JMP 000F01F8 
.text           C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWindowsHookExA                                                        767F6DFA 5 Bytes  JMP 000F0600 
.text           C:\Windows\Explorer.EXE[3000] ntdll.dll!LdrUnloadDll                                                                  77ADBD1F 5 Bytes  JMP 002F03FC 
.text           C:\Windows\Explorer.EXE[3000] ntdll.dll!LdrLoadDll                                                                    77ADF425 5 Bytes  JMP 002F01F8 
.text           C:\Windows\Explorer.EXE[3000] kernel32.dll!GetBinaryTypeW + 70                                                        769278FC 1 Byte  [62]
.text           C:\Windows\Explorer.EXE[3000] USER32.dll!UnhookWindowsHookEx                                                          767CCC7B 5 Bytes  JMP 003A0A08 
.text           C:\Windows\Explorer.EXE[3000] USER32.dll!UnhookWinEvent                                                               767CD924 5 Bytes  JMP 003A03FC 
.text           C:\Windows\Explorer.EXE[3000] USER32.dll!SetWindowsHookExW                                                            767D210A 5 Bytes  JMP 003A0804 
.text           C:\Windows\Explorer.EXE[3000] USER32.dll!SetWinEventHook                                                              767D507E 5 Bytes  JMP 003A01F8 
.text           C:\Windows\Explorer.EXE[3000] USER32.dll!SetWindowsHookExA                                                            767F6DFA 5 Bytes  JMP 003A0600 
.text           C:\Windows\system32\taskhost.exe[3112] ntdll.dll!LdrUnloadDll                                                         77ADBD1F 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\taskhost.exe[3112] ntdll.dll!LdrLoadDll                                                           77ADF425 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\taskhost.exe[3112] kernel32.dll!GetBinaryTypeW + 70                                               769278FC 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[3112] USER32.dll!UnhookWindowsHookEx                                                 767CCC7B 5 Bytes  JMP 00080A08 
.text           C:\Windows\system32\taskhost.exe[3112] USER32.dll!UnhookWinEvent                                                      767CD924 5 Bytes  JMP 000803FC 
.text           C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWindowsHookExW                                                   767D210A 5 Bytes  JMP 00080804 
.text           C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWinEventHook                                                     767D507E 5 Bytes  JMP 000801F8 
.text           C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWindowsHookExA                                                   767F6DFA 5 Bytes  JMP 00080600 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] ntdll.dll!LdrUnloadDll                                            77ADBD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] ntdll.dll!LdrLoadDll                                              77ADF425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] kernel32.dll!GetBinaryTypeW + 70                                  769278FC 1 Byte  [62]
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!UnhookWindowsHookEx                                    767CCC7B 5 Bytes  JMP 00360A08 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!UnhookWinEvent                                         767CD924 5 Bytes  JMP 003603FC 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWindowsHookExW                                      767D210A 5 Bytes  JMP 00360804 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWinEventHook                                        767D507E 5 Bytes  JMP 003601F8 
.text           C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWindowsHookExA                                      767F6DFA 5 Bytes  JMP 00360600 
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[3432] kernel32.dll!GetBinaryTypeW + 70                              769278FC 1 Byte  [62]
.text           C:\Windows\system32\SearchIndexer.exe[3584] ntdll.dll!LdrUnloadDll                                                    77ADBD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\SearchIndexer.exe[3584] ntdll.dll!LdrLoadDll                                                      77ADF425 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\SearchIndexer.exe[3584] kernel32.dll!GetBinaryTypeW + 70                                          769278FC 1 Byte  [62]
.text           C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!UnhookWindowsHookEx                                            767CCC7B 5 Bytes  JMP 00150A08 
.text           C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!UnhookWinEvent                                                 767CD924 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWindowsHookExW                                              767D210A 5 Bytes  JMP 00150804 
.text           C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWinEventHook                                                767D507E 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWindowsHookExA                                              767F6DFA 5 Bytes  JMP 00150600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4036] KERNEL32.dll!GetBinaryTypeW + 70                  769278FC 1 Byte  [62]

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                aswSP.SYS (avast! self protection module/AVAST Software)
Device          \Driver\ACPI_HAL \Device\00000051                                                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File            C:\avast! sandbox                                                                                                     0 bytes
File            C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000                                                      0 bytes
File            C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267                                                 0 bytes
File            C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267\PEV.DAT_{fab77c91-92aa-11e1-9930-0025229459ae}  0 bytes
File            C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267\PEV.DAT_{fab77cab-92aa-11e1-9930-0025229459ae}  0 bytes
File            C:\avast! sandbox\snx_rhive                                                                                           262144 bytes
File            C:\avast! sandbox\snx_rhive.LOG1                                                                                      5120 bytes
File            C:\avast! sandbox\snx_rhive.LOG2                                                                                      0 bytes
File            C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TM.blf                                              65536 bytes
File            C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TMContainer00000000000000000001.regtrans-ms         524288 bytes
File            C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TMContainer00000000000000000002.regtrans-ms         524288 bytes
         

01.05.2012, 15:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Strong suspicion of virus/Trojan



First, as a routine step, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags wherever possible.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:
ATTFilter
 the log goes here
         
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

01.05.2012, 20:45   #5
Krystalic



Hi, sorry for replying only now, the scans took forever

Here are the results:

ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1494124cc92bd548aa1ba7646097929e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-01 06:39:14
# local_time=2012-05-01 08:39:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776573 100 94 1365 88326770 0 0
# compatibility_mode=8192 67108863 100 0 241 241 0 0
# scanned=195866
# found=5
# cleaned=0
# scan_time=5927
C:\ProgramData\TmForever\Cache\0FE870AD2DFE199A115E0F2542758E69_www.fileden.com%5cfiles%5c2007%5c3%5c27%5c930376%5cfunteamad.png	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Sandbox\****\DefaultBox\drive\C\Windows\system32\install\WindowsUpdater.exe	probably a variant of Win32/TrojanDropper.VB.GADMGGH trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\TmForever\Cache\0FE870AD2DFE199A115E0F2542758E69_www.fileden.com%5cfiles%5c2007%5c3%5c27%5c930376%5cfunteamad.png	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\****\AppData\Local\Temp\jar_cache3327211295830174052.tmp	Java/Exploit.CVE-2012-0507.D trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\****\AppData\Local\Temp\Main.class	a variant of Java/TrojanDownloader.Agent.NEC trojan (unable to clean)	00000000000000000000000000000000	I
         
Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.09

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
**** :: **** [Administrator]

01.05.2012 17:40:42
mbam-log-2012-05-01 (17-40-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355621
Laufzeit: 1 Stunde(n), 13 Minute(n), 52 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And one more thing, here in the DDS log:
Code:
ATTFilter
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\57E6A756E6762757265627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\64259445A51224F6870275C414E40233033303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\16577656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\D496B6B6F6C69636A71224F68702 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593} : DhcpNameServer = 192.168.2.1
         
I'm not very knowledgeable about this, but is that normal?

Regards!
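As an added illustration (not part of the original posts and not ESET's own tooling), a small Python parser for the ESET Online Scanner log format shown in the post above: it reads the `# key=value` header lines, splits the tab-separated detection rows, and reconciles the `found`/`cleaned` counters with the rows marked "unable to clean". The field layout is inferred from the posted log, and the sample input is a constructed, shortened copy of it.

```python
import re
from collections import Counter

# Constructed sample, shortened from the ESET log posted above (same layout:
# '# key=value' header lines, then tab-separated rows of
# path, detection text, hash column, status flag).
SAMPLE_LOG = """ESETSmartInstaller@High as downloader log:
all ok
# version=7
# remove_checked=false
# unwanted_checked=true
# scanned=195866
# found=3
# cleaned=0
# scan_time=5927
C:\\ProgramData\\TmForever\\Cache\\funteamad.png\tHTML/Iframe.B.Gen virus (unable to clean)\t00000000000000000000000000000000\tI
C:\\Users\\user\\AppData\\Local\\Temp\\jar_cache3327211295830174052.tmp\tJava/Exploit.CVE-2012-0507.D trojan (unable to clean)\t00000000000000000000000000000000\tI
C:\\Users\\user\\AppData\\Local\\Temp\\Main.class\ta variant of Java/TrojanDownloader.Agent.NEC trojan (unable to clean)\t00000000000000000000000000000000\tI
"""

# Matches the "Platform/Family.Variant" token inside a detection string,
# e.g. "Java" and "Exploit.CVE-2012-0507.D" in "Java/Exploit.CVE-2012-0507.D trojan".
_NAME_RE = re.compile(r"\b([A-Za-z0-9]+)/([A-Za-z0-9.\-]+)")


def parse_eset_log(text):
    """Return (header, detections) for an ESET Online Scanner log."""
    header = {}
    detections = []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            # Some keys repeat (compatibility_mode); keep the first value seen.
            header.setdefault(key.strip(), value.strip())
        elif "\t" in line:
            fields = line.split("\t")
            if len(fields) < 2:
                continue
            path, detection = fields[0], fields[1]
            status = ""
            # "(unable to clean)" and similar trail the detection text.
            if detection.endswith(")") and " (" in detection:
                detection, _, status = detection[:-1].rpartition(" (")
            detections.append({
                "path": path,
                "detection": detection,
                "status": status,
                "flag": fields[3] if len(fields) > 3 else "",
            })
    return header, detections


def summarise(header, detections):
    """Reconcile the header counters with the detection rows."""
    found = int(header.get("found", "0"))
    cleaned = int(header.get("cleaned", "0"))
    remove_requested = header.get("remove_checked", "false").lower() == "true"
    uncleaned = [d for d in detections if "unable to clean" in d["status"]]
    platforms = Counter()
    for d in detections:
        m = _NAME_RE.search(d["detection"])
        if m:
            platforms[m.group(1)] += 1
    return {
        "found": found,
        "cleaned": cleaned,
        "remove_requested": remove_requested,
        # Row count should equal the found counter; uncleaned rows should
        # account for everything that was found but not cleaned.
        "rows_match_found": len(detections) == found,
        "uncleaned_matches": len(uncleaned) == found - cleaned,
        "platforms": dict(platforms),
        "uncleaned_paths": [d["path"] for d in uncleaned],
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for key, value in summarise(hdr, dets).items():
        print(f"{key}: {value}")
```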


02.05.2012, 13:34   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, all logs for every scan are also listed in the Log files tab. Please post all that are visible there.

02.05.2012, 14:21   #7
Krystalic



That was the first full scan; otherwise I have only ever used Malwarebytes on individual files.

02.05.2012, 15:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



I have two questions before we continue

1.) Does normal mode work without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

02.05.2012, 15:11   #9
Krystalic



That's the strange thing: I'm sure something is wrong with my computer, but everything is there in the Start menu and everything works fine too.

02.05.2012, 15:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please make a new OTL log. Please post everything here in CODE tags wherever possible.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:
ATTFilter
 the log goes here
         
         
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick Scan all users at the top centre
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

02.05.2012, 17:13   #11
Krystalic



Code:
ATTFilter
OTL logfile created on: 02.05.2012 15:58:44 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\****\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,89% Memory free
7,00 Gb Paging File | 5,59 Gb Available in Paging File | 79,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 393,25 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
 
Computer Name:****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.02 15:56:29 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.12.06 05:12:16 | 000,404,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.12.05 23:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.11.23 15:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.12.04 15:48:54 | 001,728,512 | ---- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2009.07.14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.12 19:19:47 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\be286ce65226e3b86d3a90bc516a5adc\WindowsFormsIntegration.ni.dll
MOD - [2012.04.12 09:52:54 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll
MOD - [2012.04.12 09:52:41 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d932bdb0712c33e0000c75035dbe74d1\PresentationFramework.ni.dll
MOD - [2012.04.12 09:52:17 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll
MOD - [2012.04.12 09:52:12 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll
MOD - [2012.04.12 09:52:08 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\66fdd11e758f6c833fbc173338c1ff5b\PresentationCore.ni.dll
MOD - [2012.02.15 18:02:28 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\a25e06e527720656434230d3ee420427\System.Core.ni.dll
MOD - [2012.02.15 17:17:36 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
MOD - [2012.02.15 17:17:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012.02.15 17:16:47 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012.02.15 17:16:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012.02.15 17:16:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012.02.15 17:16:38 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011.12.05 23:14:02 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.12.05 23:10:38 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.10.13 19:10:12 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll
MOD - [2011.10.13 19:08:58 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2009.11.03 11:11:50 | 047,628,288 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 10:47:12 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.05.07 16:53:18 | 000,106,496 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 16:50:46 | 000,073,728 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 13:57:00 | 000,094,208 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\CPUCooL\CooLSrv.exe -- (CPUCooLServer)
SRV - [2012.03.24 18:03:20 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.12.05 23:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.11.23 15:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - [2012.03.07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.03.07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.03.07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.01.16 14:58:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.12.06 05:44:22 | 009,067,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.12.06 04:11:50 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.11.23 15:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.11.10 19:32:00 | 000,095,304 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2011.10.17 19:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.08.06 15:37:45 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.08.06 15:37:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.06.24 07:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2010.11.11 21:19:24 | 000,021,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp)
DRV - [2010.09.16 19:33:40 | 001,559,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur)
DRV - [2010.08.10 15:49:36 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiomin.sys -- (ntiomin)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.01.06 17:20:00 | 000,583,680 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.11.25 21:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.11.18 18:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc.                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.04.30 13:06:56 | 000,287,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 D7 05 63 4A 55 CC 01  [binary data]
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.http: "70.89.2.57"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.25 16:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 20:18:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.06.01 20:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.05.01 00:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions
[2012.03.04 19:17:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.07.22 22:51:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.01 00:54:26 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.03.01 17:52:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.07.22 18:40:06 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\battlefieldplay4free@ea.com
[2012.01.16 01:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.25 16:33:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WXOYSSPE.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WXOYSSPE.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.03.20 20:18:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.21 21:52:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.21 21:52:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.21 21:52:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 21:31:24 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.21 21:52:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.21 21:52:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.21 21:52:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000..\Run: [PlayNC Launcher]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell\AutoRun\command - "" = E:\StartSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Setup-Assistent.lnk - C:\Programme\NETGEAR\WG111v3\WG111v3.exe - ()
MsConfig - StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - StartUpReg: PlusService - hkey= - key= - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.01 18:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.01 00:54:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\QuickScan
[2012.04.30 12:09:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\****\Desktop\dds.com
[2012.04.20 17:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012.04.20 17:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III Beta
[2012.04.20 17:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.04.05 22:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.04.05 21:54:58 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\BioWare
[2012.04.05 21:17:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Unleashed
[2012.04.05 21:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 2
[2012.04.05 21:08:16 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\NFS Most Wanted
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.02 12:48:23 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.02 12:48:23 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.02 12:41:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.02 12:40:59 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.01 17:39:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.30 13:12:37 | 000,012,204 | ---- | M] () -- C:\Users\****\Desktop\Desktop.zip
[2012.04.30 12:13:16 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\v7pnp6d1.exe
[2012.04.30 12:09:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\****\Desktop\dds.com
[2012.04.30 12:08:17 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.04.30 12:07:44 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2012.04.29 22:06:18 | 311,525,463 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.04.20 21:25:32 | 000,278,561 | ---- | M] () -- C:\Users\****\Desktop\Minecraft.exe
[2012.04.20 17:27:56 | 000,001,239 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012.04.11 22:21:45 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.11 22:21:45 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.11 22:21:45 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.11 22:21:45 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.07 19:28:34 | 000,001,674 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.04.05 22:51:58 | 000,001,514 | ---- | M] () -- C:\Users\****\Desktop\MassEffect2Launcher - Verknüpfung.lnk
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.03 15:58:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.04.03 14:48:43 | 000,000,854 | ---- | M] () -- C:\Users\****\.recently-used.xbel
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.30 13:12:37 | 000,012,204 | ---- | C] () -- C:\Users\****\Desktop\Desktop.zip
[2012.04.30 12:13:08 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\v7pnp6d1.exe
[2012.04.30 12:08:17 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.04.30 12:07:43 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2012.04.20 21:25:26 | 000,278,561 | ---- | C] () -- C:\Users\****\Desktop\Minecraft.exe
[2012.04.20 17:27:27 | 000,001,239 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk
[2012.04.05 22:51:58 | 000,001,514 | ---- | C] () -- C:\Users\****\Desktop\MassEffect2Launcher - Verknüpfung.lnk
[2012.04.03 14:48:43 | 000,000,854 | ---- | C] () -- C:\Users\****\.recently-used.xbel
[2012.02.28 17:55:01 | 000,007,680 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.30 20:00:38 | 000,001,674 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.12.06 04:27:36 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.12.06 04:27:36 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.12.05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.11.14 21:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.06 15:37:01 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.08.06 15:37:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.07.22 19:27:38 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.07.22 19:27:37 | 000,138,056 | ---- | C] () -- C:\Users\****\AppData\Roaming\PnkBstrK.sys
[2011.07.22 19:27:20 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.07.22 19:27:11 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.07.11 12:15:29 | 000,051,222 | ---- | C] () -- C:\Users\****\AppData\Roaming\room_v3.dat
[2011.06.18 22:30:03 | 1782,587,392 | -H-- | C] () -- C:\Program Files\DATA1.CAB.gpotato
[2011.06.18 18:10:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.01 20:53:08 | 000,704,512 | ---- | C] () -- C:\Windows\System32\cohelper.dll
[2011.06.01 20:53:08 | 000,005,940 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.06.01 19:57:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.30 19:07:10 | 001,031,168 | ---- | C] () -- C:\Windows\System32\spk.dll
[2010.11.11 21:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.08.10 15:49:36 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
 
========== LOP Check ==========
 
[2012.04.20 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft
[2011.09.11 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.07.22 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2011.07.22 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.16 02:30:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2011.06.18 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hi-Rez Studios
[2011.10.19 20:00:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Image-Line
[2011.10.26 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\iZotope
[2011.06.02 13:02:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2012.01.07 05:56:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy
[2011.12.17 23:59:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mp3DirectCut
[2012.05.01 00:54:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan
[2011.10.19 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SynthMaker
[2011.07.11 19:21:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.09.18 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\thriXXX
[2011.07.06 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2011.09.07 01:28:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Unity
[2011.11.03 05:35:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2012.04.05 22:17:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.20 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft
[2011.06.23 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2011.12.30 15:27:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2011.06.01 19:57:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ATI
[2011.09.11 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2011.07.22 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2011.07.22 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.16 02:30:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2011.06.18 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hi-Rez Studios
[2011.06.01 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities
[2011.10.19 20:00:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Image-Line
[2011.09.18 22:59:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2011.09.11 18:48:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield Installation Information
[2011.10.26 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\iZotope
[2011.06.02 13:02:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2011.06.01 21:05:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2011.09.09 04:22:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs
[2011.09.18 23:00:45 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2012.01.07 05:56:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy
[2011.06.01 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2011.12.17 23:59:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mp3DirectCut
[2012.05.01 00:54:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan
[2011.08.19 02:27:40 | 000,000,000 | RH-D | M] -- C:\Users\****\AppData\Roaming\SecuROM
[2012.05.01 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype
[2011.10.19 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SynthMaker
[2011.07.11 19:21:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.09.18 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\thriXXX
[2011.07.06 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2011.09.07 01:28:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Unity
[2011.11.03 05:35:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2011.06.18 01:09:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc
[2011.06.02 15:00:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.09.11 18:43:45 | 000,331,776 | ---- | M] (Rockstar Games         ) -- C:\Users\****\AppData\Roaming\InstallShield Installation Information\{A724605D-B399-4304-B8C7-33B3EF7D4677}\setup.exe
[2011.06.01 21:05:18 | 000,038,208 | ---- | M] () -- C:\Users\****\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.09.18 05:18:54 | 005,185,536 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
[2011.09.18 05:18:54 | 000,028,672 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
[2011.06.20 18:37:08 | 001,004,928 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\wxoysspe.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe
 
< %SYSTEMDRIVE%\*.exe >
[2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\cmd.exe
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.12.06 05:12:52 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
========== Files - Unicode (All) ==========
[2011.06.28 19:05:29 | 000,000,988 | ---- | M] ()(C:\Users\****\AppData\Local\PMB Filer?pa) -- C:\Users\****\AppData\Local\PMB Filer耯pa
[2011.06.28 18:55:33 | 000,000,988 | ---- | C] ()(C:\Users\****\AppData\Local\PMB Filer?pa) -- C:\Users\****\AppData\Local\PMB Filer耯pa

< End of report >
         

Old 02.05.2012, 19:46   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Strong suspicion of virus/trojan - Standard

Strong suspicion of virus/trojan



Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 D7 05 63 4A 55 CC 01  [binary data]
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.http: "70.89.2.57"
FF - prefs.js..network.proxy.http_port: 8080
FF - user.js - File not found
[2011.08.12 21:31:24 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000..\Run: [PlayNC Launcher]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell\AutoRun\command - "" = E:\StartSetup.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, for safety; a backup copy is created on the system partition in the folder "_OTL".

Note: the above script has been written only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
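The entries in the fix script above are the usual marks of a browser hijack: a replaced start page and search provider, a hard-coded HTTP proxy in Firefox's prefs.js, and AutoRun commands attached to drive letters. As an added example that is not part of this thread or of OTL, the following Python script scans OTL log lines for exactly these indicators; the allowlists of known-good hosts and search engines are assumptions, and the sample lines are copied from the fix script above.

```python
"""Scan OTL log lines for browser-hijack indicators.

Added example, not part of the thread or of OTL. It understands the IE / FF /
O33 line formats OTL prints and reports the entry types the helper put into
the fix script: a replaced start page or search provider, a hard-coded HTTP
proxy in Firefox's prefs.js, and AutoRun commands registered for drive letters.
"""
import re
from urllib.parse import urlparse

# Hosts and engine names a stock IE / Firefox install points at by default.
# Both allowlists are assumptions made for this example; adjust per environment.
KNOWN_GOOD_HOSTS = {"www.bing.com", "de.msn.com", "www.google.com"}
KNOWN_SEARCH_ENGINES = {"Google", "Bing", "Yahoo"}

IE_URL_RE = re.compile(r'^IE - (?P<key>.+?): "URL" = (?P<value>.+)$')
IE_VALUE_RE = re.compile(r'^IE - (?P<key>.+?),(?P<name>[^=]+?) = (?P<value>.+)$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): (?P<value>.+)$')
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<value>.+)$')
IPV4_RE = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')


def host_of(value):
    """Lower-case hostname of an http(s) URL; None for GUIDs, binary data, etc."""
    try:
        parsed = urlparse(value.strip())
    except ValueError:
        return None
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return None
    return parsed.hostname.lower()


def find_hijack_indicators(log_text):
    """Return (category, detail) tuples for suspicious entries in OTL output."""
    findings = []
    ff_prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_URL_RE.match(line) or IE_VALUE_RE.match(line)
        if m:
            # IE start page / search scope pointing at a host that is not expected
            host = host_of(m.group("value"))
            if host and host not in KNOWN_GOOD_HOSTS:
                findings.append(("ie_start_or_search", host))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group("pref")] = m.group("value").strip().strip('"')
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # AutoRun handler attached to a drive letter: runs when the volume is opened
            findings.append(("autorun_command", m.group("value").strip()))

    host = host_of(ff_prefs.get("browser.startup.homepage", ""))
    if host and host not in KNOWN_GOOD_HOSTS:
        findings.append(("ff_homepage", host))
    engine = ff_prefs.get("browser.search.defaultenginename")
    if engine and engine not in KNOWN_SEARCH_ENGINES:
        findings.append(("ff_search_engine", engine))
    # A proxy can be legitimate on managed networks; one the user did not set,
    # especially a bare IP, routes all browsing through a third party, so it is
    # reported for review rather than silently accepted.
    proxy = ff_prefs.get("network.proxy.http")
    if proxy:
        port = ff_prefs.get("network.proxy.http_port", "")
        kind = "ff_proxy_ip" if IPV4_RE.match(proxy) else "ff_proxy_host"
        findings.append((kind, f"{proxy}:{port}"))
    return findings


# Sample input: lines copied from the fix script posted in this thread.
SAMPLE_LOG = r'''
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.http: "70.89.2.57"
FF - prefs.js..network.proxy.http_port: 8080
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell\AutoRun\command - "" = E:\StartSetup.exe
'''

if __name__ == "__main__":
    for category, detail in find_hijack_indicators(SAMPLE_LOG):
        print(f"{category:20s} {detail}")
```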

Old 02.05.2012, 23:00   #13
Krystalic
 
Strong suspicion of virus/trojan - Standard

Strong suspicion of virus/trojan



Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.facemoods.com/?a=ddrnw" removed from browser.startup.homepage
Prefs.js: "70.89.2.57" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VIAAUD deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
File E:\StartSetup.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ****
->Temp folder emptied: 2946953418 bytes
->Temporary Internet Files folder emptied: 41529381 bytes
->Java cache emptied: 555384 bytes
->FireFox cache emptied: 677822679 bytes
->Flash cache emptied: 64782 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132512897 bytes
RecycleBin emptied: 8874440 bytes
 
Total Files Cleaned = 3.632,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: ****
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05022012_225552

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 03.05.2012, 15:10   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Strong suspicion of virus/Trojan



Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
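
The report that this post asks for lists every driver and service with its hash, file path and a verdict, and the post's rule is to skip everything and post the log rather than act on it. As an added example, not part of the thread and not Kaspersky's code, the Python script below parses that report format and lists every object whose final status is not "ok", which is the triage a helper does before deciding on any action. The sample lines are constructed in the style of the report posted in this thread; two of them repeat entries from the thread, while ExampleDrv, its all-zero hash and its path are placeholders.

```python
"""Summarise a TDSSKiller-style report: one verdict per object, non-ok objects flagged."""
import re
from collections import Counter

# Every report line starts with "HH:MM:SS.mmmm <pid>" followed by a tab and the message.
# "\s+" instead of a literal tab tolerates copy/paste that turned tabs into spaces.
TIMESTAMP_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<name>  (<md5>) <path>"  -- the object's file hash and location
DETAIL_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> ( <verdict> ) - warning"
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
# "<name> - detected <verdict> (<count>)"
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")

# Constructed sample in the format of the report shown in this thread.
# ExampleDrv, its zero hash and its path are placeholders, not real objects.
SAMPLE_REPORT = "\n".join([
    "18:29:40.0450 3360\tScan started",
    "18:29:40.0450 3360\tMode: Manual; SigCheck; TDLFS; ",
    "18:29:41.0259 3360\t1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys",
    "18:29:41.0313 3360\t1394ohci - ok",
    "18:29:42.0170 3360\tAMD External Events Utility (ec98ca8298f67926fa50876348534b1d) C:\\Windows\\system32\\atiesrxx.exe",
    "18:29:42.0255 3360\tAMD External Events Utility - ok",
    "18:29:43.0443 3360\tExampleDrv      (00000000000000000000000000000000) C:\\Program Files\\Example\\exdrv.sys",
    "18:29:43.0476 3360\tExampleDrv ( UnsignedFile.Multi.Generic ) - warning",
    "18:29:43.0476 3360\tExampleDrv - detected UnsignedFile.Multi.Generic (1)",
    "18:29:46.0073 3360\tCOMSysApp - ok",   # service without a file line, as in the thread
])


def parse_report(text):
    """Return {object name: {md5, path, status, verdict}} for every object in the report."""
    entries = {}

    def entry(name):
        return entries.setdefault(
            name, {"md5": None, "path": None, "status": "unknown", "verdict": None})

    for raw in text.splitlines():
        m = TIMESTAMP_RE.match(raw)
        if not m:
            continue  # not a report line at all
        body = m.group("body").rstrip()
        d = DETECTED_RE.match(body)
        if d:  # "detected" is the final verdict and outranks an earlier warning
            e = entry(d["name"])
            e["status"], e["verdict"] = "detected", d["verdict"]
            continue
        w = WARNING_RE.match(body)
        if w:
            e = entry(w["name"])
            if e["status"] != "detected":
                e["status"] = "warning"
            e["verdict"] = w["verdict"]
            continue
        o = OK_RE.match(body)
        if o:
            entry(o["name"])["status"] = "ok"
            continue
        dt = DETAIL_RE.match(body)
        if dt:
            e = entry(dt["name"])
            e["md5"], e["path"] = dt["md5"].lower(), dt["path"]
        # header lines ("Scan started", "Mode: ...") match none of the rules and are skipped
    return entries


def flagged(entries):
    """Names of objects whose final status is not 'ok', worst status first."""
    rank = {"detected": 0, "warning": 1, "unknown": 2}
    return sorted((n for n, e in entries.items() if e["status"] != "ok"),
                  key=lambda n: (rank[entries[n]["status"]], n))


def status_counts(entries):
    """How many objects ended up in each status."""
    return Counter(e["status"] for e in entries.values())


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print("status counts:", dict(status_counts(report)))
    for name in flagged(report):
        e = report[name]
        print(f"{e['status']:8} {name}: {e['verdict']}  {e['path']}  md5={e['md5']}")
```

The script only reads and summarises; it changes nothing on the machine. A status of "warning" with the UnsignedFile verdict means the scanner could not verify a signature, which is exactly the kind of entry the post says to leave at "skip" until a helper has looked at the full log.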

Alt 03.05.2012, 18:32   #15
Krystalic
 
Strong suspicion of virus/Trojan



Phew, finally a scan that doesn't take 2 hours:

Code:
18:29:28.0202 2864	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
18:29:28.0300 2864	============================================================
18:29:28.0300 2864	Current date / time: 2012/05/03 18:29:28.0300
18:29:28.0300 2864	SystemInfo:
18:29:28.0300 2864	
18:29:28.0300 2864	OS Version: 6.1.7600 ServicePack: 0.0
18:29:28.0300 2864	Product type: Workstation
18:29:28.0300 2864	ComputerName: NICO-PC
18:29:28.0301 2864	UserName: Nico
18:29:28.0301 2864	Windows directory: C:\Windows
18:29:28.0301 2864	System windows directory: C:\Windows
18:29:28.0301 2864	Processor architecture: Intel x86
18:29:28.0301 2864	Number of processors: 6
18:29:28.0301 2864	Page size: 0x1000
18:29:28.0301 2864	Boot type: Normal boot
18:29:28.0301 2864	============================================================
18:29:29.0412 2864	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
18:29:29.0414 2864	============================================================
18:29:29.0414 2864	\Device\Harddisk0\DR0:
18:29:29.0414 2864	MBR partitions:
18:29:29.0414 2864	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:29:29.0414 2864	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
18:29:29.0414 2864	============================================================
18:29:29.0421 2864	C: <-> \Device\Harddisk0\DR0\Partition1
18:29:29.0422 2864	============================================================
18:29:29.0422 2864	Initialize success
18:29:29.0422 2864	============================================================
18:29:40.0450 3360	============================================================
18:29:40.0450 3360	Scan started
18:29:40.0450 3360	Mode: Manual; SigCheck; TDLFS; 
18:29:40.0450 3360	============================================================
18:29:41.0259 3360	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
18:29:41.0313 3360	1394ohci - ok
18:29:41.0338 3360	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
18:29:41.0351 3360	ACPI - ok
18:29:41.0406 3360	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
18:29:41.0428 3360	AcpiPmi - ok
18:29:41.0566 3360	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:29:41.0576 3360	AdobeARMservice - ok
18:29:41.0610 3360	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:29:41.0625 3360	adp94xx - ok
18:29:41.0669 3360	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:29:41.0683 3360	adpahci - ok
18:29:41.0693 3360	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:29:41.0705 3360	adpu320 - ok
18:29:41.0728 3360	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:29:41.0764 3360	AeLookupSvc - ok
18:29:41.0841 3360	AFD             (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
18:29:41.0896 3360	AFD - ok
18:29:41.0930 3360	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
18:29:41.0958 3360	agp440 - ok
18:29:41.0990 3360	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:29:42.0000 3360	aic78xx - ok
18:29:42.0059 3360	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:29:42.0101 3360	ALG - ok
18:29:42.0126 3360	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
18:29:42.0136 3360	aliide - ok
18:29:42.0170 3360	AMD External Events Utility (ec98ca8298f67926fa50876348534b1d) C:\Windows\system32\atiesrxx.exe
18:29:42.0255 3360	AMD External Events Utility - ok
18:29:42.0311 3360	AMD FUEL Service - ok
18:29:42.0387 3360	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
18:29:42.0400 3360	amdagp - ok
18:29:42.0412 3360	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
18:29:42.0421 3360	amdide - ok
18:29:42.0434 3360	amdiox86        (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
18:29:42.0664 3360	amdiox86 - ok
18:29:42.0683 3360	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:29:42.0715 3360	AmdK8 - ok
18:29:42.0933 3360	amdkmdag        (65b44179cf184b08e86097bffbf03f24) C:\Windows\system32\DRIVERS\atikmdag.sys
18:29:43.0076 3360	amdkmdag - ok
18:29:43.0155 3360	amdkmdap        (5e1c65524ff1713711ce27879d813384) C:\Windows\system32\DRIVERS\atikmpag.sys
18:29:43.0186 3360	amdkmdap - ok
18:29:43.0224 3360	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:29:43.0252 3360	AmdPPM - ok
18:29:43.0288 3360	amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
18:29:43.0316 3360	amdsata - ok
18:29:43.0333 3360	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:29:43.0347 3360	amdsbs - ok
18:29:43.0365 3360	amdxata         (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
18:29:43.0374 3360	amdxata - ok
18:29:43.0443 3360	AODDriver4.01   (62b03afe5cc83bacf064848daa295d9c) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
18:29:43.0476 3360	AODDriver4.01 ( UnsignedFile.Multi.Generic ) - warning
18:29:43.0476 3360	AODDriver4.01 - detected UnsignedFile.Multi.Generic (1)
18:29:43.0493 3360	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
18:29:43.0508 3360	AppID - ok
18:29:43.0529 3360	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:29:43.0561 3360	AppIDSvc - ok
18:29:43.0579 3360	Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
18:29:43.0605 3360	Appinfo - ok
18:29:43.0626 3360	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:29:43.0637 3360	arc - ok
18:29:43.0663 3360	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:29:43.0673 3360	arcsas - ok
18:29:43.0757 3360	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:29:43.0766 3360	aspnet_state - ok
18:29:43.0815 3360	aswFsBlk        (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
18:29:43.0826 3360	aswFsBlk - ok
18:29:43.0861 3360	aswMonFlt       (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
18:29:43.0870 3360	aswMonFlt - ok
18:29:43.0930 3360	aswRdr          (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys
18:29:43.0938 3360	aswRdr - ok
18:29:43.0957 3360	aswSnx          (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
18:29:43.0973 3360	aswSnx - ok
18:29:43.0999 3360	aswSP           (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
18:29:44.0011 3360	aswSP - ok
18:29:44.0023 3360	aswTdi          (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
18:29:44.0033 3360	aswTdi - ok
18:29:44.0048 3360	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:29:44.0087 3360	AsyncMac - ok
18:29:44.0106 3360	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
18:29:44.0117 3360	atapi - ok
18:29:44.0187 3360	athur           (257c58cddbcb02fd38675ed6df76037d) C:\Windows\system32\DRIVERS\athur.sys
18:29:44.0229 3360	athur - ok
18:29:44.0357 3360	AtiHDAudioService (7725aecceddf81bd8374c77157e450ea) C:\Windows\system32\drivers\AtihdW73.sys
18:29:44.0367 3360	AtiHDAudioService - ok
18:29:44.0418 3360	atksgt          (f9c24d25d9ff29f894995a64812b4d85) C:\Windows\system32\DRIVERS\atksgt.sys
18:29:44.0443 3360	atksgt - ok
18:29:44.0480 3360	AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
18:29:44.0521 3360	AudioEndpointBuilder - ok
18:29:44.0526 3360	Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
18:29:44.0549 3360	Audiosrv - ok
18:29:44.0631 3360	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:29:44.0649 3360	avast! Antivirus - ok
18:29:44.0674 3360	AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
18:29:44.0701 3360	AxInstSV - ok
18:29:44.0744 3360	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:29:44.0770 3360	b06bdrv - ok
18:29:44.0794 3360	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:29:44.0821 3360	b57nd60x - ok
18:29:44.0837 3360	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:29:44.0849 3360	BDESVC - ok
18:29:44.0857 3360	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:29:44.0898 3360	Beep - ok
18:29:44.0923 3360	BFE             (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
18:29:44.0961 3360	BFE - ok
18:29:44.0997 3360	BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
18:29:45.0044 3360	BITS - ok
18:29:45.0059 3360	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:29:45.0070 3360	blbdrive - ok
18:29:45.0083 3360	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
18:29:45.0095 3360	bowser - ok
18:29:45.0103 3360	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:29:45.0125 3360	BrFiltLo - ok
18:29:45.0141 3360	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:29:45.0166 3360	BrFiltUp - ok
18:29:45.0187 3360	Browser         (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
18:29:45.0247 3360	Browser - ok
18:29:45.0272 3360	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:29:45.0288 3360	Brserid - ok
18:29:45.0299 3360	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:29:45.0331 3360	BrSerWdm - ok
18:29:45.0354 3360	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:29:45.0383 3360	BrUsbMdm - ok
18:29:45.0397 3360	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:29:45.0441 3360	BrUsbSer - ok
18:29:45.0458 3360	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:29:45.0488 3360	BTHMODEM - ok
18:29:45.0511 3360	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:29:45.0533 3360	bthserv - ok
18:29:45.0556 3360	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:29:45.0596 3360	cdfs - ok
18:29:45.0630 3360	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
18:29:45.0657 3360	cdrom - ok
18:29:45.0690 3360	CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
18:29:45.0726 3360	CertPropSvc - ok
18:29:45.0741 3360	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:29:45.0752 3360	circlass - ok
18:29:45.0773 3360	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:29:45.0787 3360	CLFS - ok
18:29:45.0839 3360	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:29:45.0848 3360	clr_optimization_v2.0.50727_32 - ok
18:29:45.0897 3360	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:29:45.0907 3360	clr_optimization_v4.0.30319_32 - ok
18:29:45.0917 3360	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:29:45.0929 3360	CmBatt - ok
18:29:45.0934 3360	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
18:29:45.0945 3360	cmdide - ok
18:29:45.0983 3360	CNG             (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
18:29:46.0001 3360	CNG - ok
18:29:46.0012 3360	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:29:46.0023 3360	Compbatt - ok
18:29:46.0034 3360	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:29:46.0055 3360	CompositeBus - ok
18:29:46.0073 3360	COMSysApp - ok
18:29:46.0104 3360	CPUCooLServer - ok
18:29:46.0118 3360	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:29:46.0126 3360	crcdisk - ok
18:29:46.0189 3360	CryptSvc        (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
18:29:46.0224 3360	CryptSvc - ok
18:29:46.0388 3360	DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
18:29:46.0420 3360	DcomLaunch - ok
18:29:46.0444 3360	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:29:46.0469 3360	defragsvc - ok
18:29:46.0513 3360	DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
18:29:46.0537 3360	DfsC - ok
18:29:46.0567 3360	Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
18:29:46.0594 3360	Dhcp - ok
18:29:46.0615 3360	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:29:46.0635 3360	discache - ok
18:29:46.0665 3360	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:29:46.0675 3360	Disk - ok
18:29:46.0696 3360	Dnscache        (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
18:29:46.0721 3360	Dnscache - ok
18:29:46.0739 3360	dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
18:29:46.0777 3360	dot3svc - ok
18:29:46.0795 3360	DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
18:29:46.0821 3360	DPS - ok
18:29:46.0843 3360	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:29:46.0885 3360	drmkaud - ok
18:29:46.0939 3360	dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:29:46.0950 3360	dtsoftbus01 - ok
18:29:46.0989 3360	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
18:29:47.0005 3360	DXGKrnl - ok
18:29:47.0015 3360	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:29:47.0041 3360	EapHost - ok
18:29:47.0124 3360	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:29:47.0187 3360	ebdrv - ok
18:29:47.0275 3360	EFS             (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
18:29:47.0335 3360	EFS - ok
18:29:47.0398 3360	ehRecvr         (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
18:29:47.0426 3360	ehRecvr - ok
18:29:47.0452 3360	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:29:47.0477 3360	ehSched - ok
18:29:47.0515 3360	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:29:47.0531 3360	elxstor - ok
18:29:47.0540 3360	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
18:29:47.0568 3360	ErrDev - ok
18:29:47.0598 3360	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:29:47.0635 3360	EventSystem - ok
18:29:47.0655 3360	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:29:47.0677 3360	exfat - ok
18:29:47.0690 3360	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:29:47.0723 3360	fastfat - ok
18:29:47.0758 3360	Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
18:29:47.0788 3360	Fax - ok
18:29:47.0810 3360	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:29:47.0831 3360	fdc - ok
18:29:47.0848 3360	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:29:47.0879 3360	fdPHost - ok
18:29:47.0892 3360	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:29:47.0934 3360	FDResPub - ok
18:29:47.0954 3360	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:29:47.0963 3360	FileInfo - ok
18:29:47.0975 3360	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:29:48.0006 3360	Filetrace - ok
18:29:48.0032 3360	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:29:48.0055 3360	flpydisk - ok
18:29:48.0076 3360	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:29:48.0086 3360	FltMgr - ok
18:29:48.0130 3360	FontCache       (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
18:29:48.0166 3360	FontCache - ok
18:29:48.0243 3360	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:29:48.0250 3360	FontCache3.0.0.0 - ok
18:29:48.0258 3360	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:29:48.0269 3360	FsDepends - ok
18:29:48.0301 3360	Fs_Rec          (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
18:29:48.0311 3360	Fs_Rec - ok
18:29:48.0336 3360	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
18:29:48.0353 3360	fvevol - ok
18:29:48.0377 3360	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:29:48.0389 3360	gagp30kx - ok
18:29:48.0459 3360	GGSAFERDriver - ok
18:29:48.0502 3360	gpsvc           (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
18:29:48.0541 3360	gpsvc - ok
18:29:48.0587 3360	hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
18:29:48.0596 3360	hamachi - ok
18:29:48.0723 3360	Hamachi2Svc     (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:29:48.0755 3360	Hamachi2Svc - ok
18:29:48.0831 3360	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:29:48.0862 3360	hcw85cir - ok
18:29:48.0902 3360	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
18:29:48.0932 3360	HdAudAddService - ok
18:29:48.0950 3360	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:29:48.0971 3360	HDAudBus - ok
18:29:48.0991 3360	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:29:49.0018 3360	HidBatt - ok
18:29:49.0034 3360	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:29:49.0056 3360	HidBth - ok
18:29:49.0088 3360	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:29:49.0100 3360	HidIr - ok
18:29:49.0111 3360	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:29:49.0134 3360	hidserv - ok
18:29:49.0152 3360	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
18:29:49.0162 3360	HidUsb - ok
18:29:49.0176 3360	hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
18:29:49.0217 3360	hkmsvc - ok
18:29:49.0236 3360	HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
18:29:49.0270 3360	HomeGroupListener - ok
18:29:49.0295 3360	HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
18:29:49.0323 3360	HomeGroupProvider - ok
18:29:49.0340 3360	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:29:49.0352 3360	HpSAMD - ok
18:29:49.0382 3360	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
18:29:49.0429 3360	HTTP - ok
18:29:49.0442 3360	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
18:29:49.0451 3360	hwpolicy - ok
18:29:49.0461 3360	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
18:29:49.0490 3360	i8042prt - ok
18:29:49.0528 3360	iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
18:29:49.0542 3360	iaStorV - ok
18:29:49.0626 3360	idsvc           (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:29:49.0651 3360	idsvc - ok
18:29:49.0669 3360	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:29:49.0680 3360	iirsp - ok
18:29:49.0712 3360	IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
18:29:49.0760 3360	IKEEXT - ok
18:29:49.0781 3360	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
18:29:49.0790 3360	intelide - ok
18:29:49.0811 3360	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:29:49.0835 3360	intelppm - ok
18:29:49.0850 3360	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:29:49.0889 3360	IPBusEnum - ok
18:29:49.0908 3360	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:29:49.0946 3360	IpFilterDriver - ok
18:29:49.0979 3360	iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
18:29:50.0033 3360	iphlpsvc - ok
18:29:50.0042 3360	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:29:50.0066 3360	IPMIDRV - ok
18:29:50.0198 3360	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:29:50.0219 3360	IPNAT - ok
18:29:50.0362 3360	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:29:50.0397 3360	IRENUM - ok
18:29:50.0511 3360	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
18:29:50.0523 3360	isapnp - ok
18:29:50.0531 3360	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
18:29:50.0543 3360	iScsiPrt - ok
18:29:50.0570 3360	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:29:50.0580 3360	kbdclass - ok
18:29:50.0601 3360	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
18:29:50.0614 3360	kbdhid - ok
18:29:50.0653 3360	KeyIso          (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:29:50.0665 3360	KeyIso - ok
18:29:50.0678 3360	KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
18:29:50.0688 3360	KSecDD - ok
18:29:50.0699 3360	KSecPkg         (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
18:29:50.0710 3360	KSecPkg - ok
18:29:50.0737 3360	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:29:50.0775 3360	KtmRm - ok
18:29:50.0804 3360	LanmanServer    (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
18:29:50.0824 3360	LanmanServer - ok
18:29:50.0845 3360	LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
18:29:50.0875 3360	LanmanWorkstation - ok
18:29:50.0997 3360	lirsgt          (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
18:29:51.0005 3360	lirsgt - ok
18:29:51.0033 3360	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:29:51.0072 3360	lltdio - ok
18:29:51.0242 3360	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:29:51.0288 3360	lltdsvc - ok
18:29:51.0416 3360	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:29:51.0466 3360	lmhosts - ok
18:29:51.0494 3360	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:29:51.0504 3360	LSI_FC - ok
18:29:51.0519 3360	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:29:51.0532 3360	LSI_SAS - ok
18:29:51.0540 3360	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:29:51.0550 3360	LSI_SAS2 - ok
18:29:51.0563 3360	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:29:51.0573 3360	LSI_SCSI - ok
18:29:51.0587 3360	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:29:51.0623 3360	luafv - ok
18:29:51.0759 3360	Mcx2Svc         (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
18:29:51.0774 3360	Mcx2Svc - ok
18:29:51.0796 3360	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:29:51.0806 3360	megasas - ok
18:29:51.0824 3360	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:29:51.0835 3360	MegaSR - ok
18:29:51.0983 3360	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:29:52.0006 3360	MMCSS - ok
18:29:52.0143 3360	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:29:52.0177 3360	Modem - ok
18:29:52.0196 3360	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:29:52.0223 3360	monitor - ok
18:29:52.0286 3360	MotioninJoyXFilter (9960b18d55e7bd0f265c3c1953d19592) C:\Windows\system32\DRIVERS\MijXfilt.sys
18:29:52.0298 3360	MotioninJoyXFilter - ok
18:29:52.0438 3360	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:29:52.0448 3360	mouclass - ok
18:29:52.0577 3360	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:29:52.0603 3360	mouhid - ok
18:29:52.0623 3360	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
18:29:52.0632 3360	mountmgr - ok
18:29:52.0645 3360	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
18:29:52.0657 3360	mpio - ok
18:29:52.0800 3360	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:29:52.0957 3360	mpsdrv - ok
18:29:52.0983 3360	MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
18:29:53.0025 3360	MpsSvc - ok
18:29:53.0043 3360	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
18:29:53.0073 3360	MRxDAV - ok
18:29:53.0114 3360	mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:29:53.0138 3360	mrxsmb - ok
18:29:53.0169 3360	mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:29:53.0184 3360	mrxsmb10 - ok
18:29:53.0195 3360	mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:29:53.0206 3360	mrxsmb20 - ok
18:29:53.0212 3360	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
18:29:53.0223 3360	msahci - ok
18:29:53.0240 3360	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
18:29:53.0250 3360	msdsm - ok
18:29:53.0272 3360	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:29:53.0298 3360	MSDTC - ok
18:29:53.0315 3360	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:29:53.0336 3360	Msfs - ok
18:29:53.0349 3360	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:29:53.0379 3360	mshidkmdf - ok
18:29:53.0393 3360	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
18:29:53.0404 3360	msisadrv - ok
18:29:53.0425 3360	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:29:53.0470 3360	MSiSCSI - ok
18:29:53.0472 3360	msiserver - ok
18:29:53.0500 3360	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:29:53.0538 3360	MSKSSRV - ok
18:29:53.0551 3360	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:29:53.0583 3360	MSPCLOCK - ok
18:29:53.0597 3360	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:29:53.0617 3360	MSPQM - ok
18:29:53.0630 3360	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:29:53.0644 3360	MsRPC - ok
18:29:53.0660 3360	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
18:29:53.0668 3360	mssmbios - ok
18:29:53.0676 3360	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:29:53.0697 3360	MSTEE - ok
18:29:53.0705 3360	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:29:53.0715 3360	MTConfig - ok
18:29:53.0729 3360	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:29:53.0740 3360	Mup - ok
18:29:53.0774 3360	napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
18:29:53.0801 3360	napagent - ok
18:29:53.0833 3360	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:29:53.0863 3360	NativeWifiP - ok
18:29:53.0892 3360	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
18:29:53.0911 3360	NDIS - ok
18:29:53.0924 3360	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:29:53.0958 3360	NdisCap - ok
18:29:53.0980 3360	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:29:54.0013 3360	NdisTapi - ok
18:29:54.0038 3360	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
18:29:54.0062 3360	Ndisuio - ok
18:29:54.0071 3360	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
18:29:54.0107 3360	NdisWan - ok
18:29:54.0123 3360	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
18:29:54.0154 3360	NDProxy - ok
18:29:54.0170 3360	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:29:54.0206 3360	NetBIOS - ok
18:29:54.0227 3360	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
18:29:54.0267 3360	NetBT - ok
18:29:54.0295 3360	Netlogon        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:29:54.0308 3360	Netlogon - ok
18:29:54.0344 3360	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:29:54.0389 3360	Netman - ok
18:29:54.0460 3360	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:54.0473 3360	NetMsmqActivator - ok
18:29:54.0476 3360	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:54.0485 3360	NetPipeActivator - ok
18:29:54.0510 3360	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:29:54.0541 3360	netprofm - ok
18:29:54.0582 3360	netr73          (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys
18:29:54.0610 3360	netr73 - ok
18:29:54.0613 3360	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:54.0622 3360	NetTcpActivator - ok
18:29:54.0624 3360	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:54.0632 3360	NetTcpPortSharing - ok
18:29:54.0653 3360	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:29:54.0663 3360	nfrd960 - ok
18:29:54.0680 3360	NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
18:29:54.0725 3360	NlaSvc - ok
18:29:54.0738 3360	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:29:54.0758 3360	Npfs - ok
18:29:54.0769 3360	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:29:54.0792 3360	nsi - ok
18:29:54.0804 3360	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:29:54.0836 3360	nsiproxy - ok
18:29:54.0895 3360	Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
18:29:54.0923 3360	Ntfs - ok
18:29:54.0954 3360	ntiomin         (8a2788ff5aa0fe75d7231417200406ff) C:\Windows\system32\drivers\ntiomin.sys
18:29:54.0974 3360	ntiomin ( UnsignedFile.Multi.Generic ) - warning
18:29:54.0974 3360	ntiomin - detected UnsignedFile.Multi.Generic (1)
18:29:54.0989 3360	ntiopnp         (5850c28057ddea04390b88f8cc482504) C:\Windows\system32\drivers\ntiopnp.sys
18:29:54.0998 3360	ntiopnp - ok
18:29:55.0009 3360	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:29:55.0043 3360	Null - ok
18:29:55.0077 3360	NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
18:29:55.0091 3360	NVENETFD - ok
18:29:55.0123 3360	NVNET           (d22e432e402499ac264a113d7168b91f) C:\Windows\system32\DRIVERS\nvmf6232.sys
18:29:55.0133 3360	NVNET - ok
18:29:55.0159 3360	nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
18:29:55.0169 3360	nvraid - ok
18:29:55.0180 3360	nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
18:29:55.0192 3360	nvstor - ok
18:29:55.0217 3360	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
18:29:55.0229 3360	nv_agp - ok
18:29:55.0237 3360	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
18:29:55.0248 3360	ohci1394 - ok
18:29:55.0262 3360	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:29:55.0291 3360	p2pimsvc - ok
18:29:55.0321 3360	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:29:55.0336 3360	p2psvc - ok
18:29:55.0360 3360	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:29:55.0373 3360	Parport - ok
18:29:55.0377 3360	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
18:29:55.0387 3360	partmgr - ok
18:29:55.0389 3360	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:29:55.0415 3360	Parvdm - ok
18:29:55.0430 3360	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:29:55.0448 3360	PcaSvc - ok
18:29:55.0466 3360	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
18:29:55.0477 3360	pci - ok
18:29:55.0488 3360	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
18:29:55.0497 3360	pciide - ok
18:29:55.0514 3360	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:29:55.0528 3360	pcmcia - ok
18:29:55.0541 3360	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:29:55.0550 3360	pcw - ok
18:29:55.0582 3360	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:29:55.0621 3360	PEAUTH - ok
18:29:55.0676 3360	pla             (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
18:29:55.0731 3360	pla - ok
18:29:55.0825 3360	PlugPlay        (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
18:29:55.0842 3360	PlugPlay - ok
18:29:55.0890 3360	PnkBstrA        (1713d9de407313138118d501b0e3c05b) C:\Windows\system32\PnkBstrA.exe
18:29:55.0903 3360	PnkBstrA - ok
18:29:55.0922 3360	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:29:55.0959 3360	PNRPAutoReg - ok
18:29:55.0984 3360	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:29:56.0000 3360	PNRPsvc - ok
18:29:56.0043 3360	PolicyAgent     (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
18:29:56.0080 3360	PolicyAgent - ok
18:29:56.0110 3360	Power           (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
18:29:56.0134 3360	Power - ok
18:29:56.0180 3360	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:29:56.0212 3360	PptpMiniport - ok
18:29:56.0230 3360	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:29:56.0253 3360	Processor - ok
18:29:56.0273 3360	ProfSvc         (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
18:29:56.0316 3360	ProfSvc - ok
18:29:56.0349 3360	ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:29:56.0362 3360	ProtectedStorage - ok
18:29:56.0383 3360	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:29:56.0404 3360	Psched - ok
18:29:56.0445 3360	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:29:56.0478 3360	ql2300 - ok
18:29:56.0532 3360	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:29:56.0542 3360	ql40xx - ok
18:29:56.0569 3360	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:29:56.0602 3360	QWAVE - ok
18:29:56.0620 3360	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:29:56.0632 3360	QWAVEdrv - ok
18:29:56.0638 3360	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:29:56.0663 3360	RasAcd - ok
18:29:56.0684 3360	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:29:56.0708 3360	RasAgileVpn - ok
18:29:56.0714 3360	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:29:56.0737 3360	RasAuto - ok
18:29:56.0754 3360	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:29:56.0795 3360	Rasl2tp - ok
18:29:56.0831 3360	RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
18:29:56.0872 3360	RasMan - ok
18:29:56.0890 3360	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:29:56.0930 3360	RasPppoe - ok
18:29:56.0952 3360	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:29:56.0973 3360	RasSstp - ok
18:29:56.0992 3360	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
18:29:57.0016 3360	rdbss - ok
18:29:57.0028 3360	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:29:57.0040 3360	rdpbus - ok
18:29:57.0046 3360	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:57.0082 3360	RDPCDD - ok
18:29:57.0104 3360	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:29:57.0140 3360	RDPENCDD - ok
18:29:57.0155 3360	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:29:57.0186 3360	RDPREFMP - ok
18:29:57.0217 3360	RDPWD           (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
18:29:57.0234 3360	RDPWD - ok
18:29:57.0256 3360	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
18:29:57.0269 3360	rdyboost - ok
18:29:57.0293 3360	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:29:57.0342 3360	RemoteAccess - ok
18:29:57.0371 3360	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:29:57.0396 3360	RemoteRegistry - ok
18:29:57.0412 3360	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:29:57.0454 3360	RpcEptMapper - ok
18:29:57.0472 3360	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:29:57.0502 3360	RpcLocator - ok
18:29:57.0525 3360	RpcSs           (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
18:29:57.0551 3360	RpcSs - ok
18:29:57.0562 3360	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:29:57.0584 3360	rspndr - ok
18:29:57.0616 3360	RTL8187B        (b6b3c4259d514f10b458ca6c2e50bc2e) C:\Windows\system32\DRIVERS\wg111v3.sys
18:29:57.0639 3360	RTL8187B - ok
18:29:57.0676 3360	RTL8192su       (83e64d86a4d888d973de824780567518) C:\Windows\system32\DRIVERS\RTL8192su.sys
18:29:57.0710 3360	RTL8192su - ok
18:29:57.0756 3360	SamSs           (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:29:57.0785 3360	SamSs - ok
18:29:57.0880 3360	SbieDrv         (3ab6cad1ddfa84cd7bc3d1a759b1e81e) C:\Program Files\Sandboxie\SbieDrv.sys
18:29:57.0891 3360	SbieDrv - ok
18:29:57.0919 3360	SbieSvc         (833539963e31edd4dc0063fe9cf95701) C:\Program Files\Sandboxie\SbieSvc.exe
18:29:57.0930 3360	SbieSvc - ok
18:29:57.0953 3360	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
18:29:57.0964 3360	sbp2port - ok
18:29:57.0979 3360	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:29:58.0019 3360	SCardSvr - ok
18:29:58.0036 3360	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
18:29:58.0073 3360	scfilter - ok
18:29:58.0108 3360	Schedule        (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
18:29:58.0147 3360	Schedule - ok
18:29:58.0167 3360	SCPolicySvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
18:29:58.0188 3360	SCPolicySvc - ok
18:29:58.0208 3360	SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
18:29:58.0238 3360	SDRSVC - ok
18:29:58.0261 3360	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:29:58.0296 3360	secdrv - ok
18:29:58.0313 3360	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:29:58.0347 3360	seclogon - ok
18:29:58.0371 3360	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:29:58.0409 3360	SENS - ok
18:29:58.0431 3360	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:29:58.0458 3360	SensrSvc - ok
18:29:58.0470 3360	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:29:58.0483 3360	Serenum - ok
18:29:58.0493 3360	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:29:58.0513 3360	Serial - ok
18:29:58.0524 3360	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:29:58.0542 3360	sermouse - ok
18:29:58.0569 3360	SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
18:29:58.0608 3360	SessionEnv - ok
18:29:58.0621 3360	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
18:29:58.0646 3360	sffdisk - ok
18:29:58.0658 3360	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:29:58.0688 3360	sffp_mmc - ok
18:29:58.0708 3360	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:29:58.0732 3360	sffp_sd - ok
18:29:58.0749 3360	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:29:58.0759 3360	sfloppy - ok
18:29:58.0784 3360	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:29:58.0811 3360	SharedAccess - ok
18:29:58.0832 3360	ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
18:29:58.0850 3360	ShellHWDetection - ok
18:29:58.0878 3360	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
18:29:58.0890 3360	sisagp - ok
18:29:58.0908 3360	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:29:58.0917 3360	SiSRaid2 - ok
18:29:58.0928 3360	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:29:58.0940 3360	SiSRaid4 - ok
18:29:58.0961 3360	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:29:58.0998 3360	Smb - ok
18:29:59.0037 3360	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:29:59.0049 3360	SNMPTRAP - ok
18:29:59.0061 3360	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:29:59.0071 3360	spldr - ok
18:29:59.0094 3360	Spooler         (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
18:29:59.0110 3360	Spooler - ok
18:29:59.0181 3360	sppsvc          (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
18:29:59.0250 3360	sppsvc - ok
18:29:59.0316 3360	sppuinotify     (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
18:29:59.0339 3360	sppuinotify - ok
18:29:59.0389 3360	srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
18:29:59.0421 3360	srv - ok
18:29:59.0449 3360	srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
18:29:59.0473 3360	srv2 - ok
18:29:59.0496 3360	srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
18:29:59.0521 3360	srvnet - ok
18:29:59.0539 3360	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:29:59.0583 3360	SSDPSRV - ok
18:29:59.0604 3360	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:29:59.0640 3360	SstpSvc - ok
18:29:59.0695 3360	Steam Client Service - ok
18:29:59.0712 3360	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:29:59.0723 3360	stexstor - ok
18:29:59.0760 3360	StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
18:29:59.0794 3360	StiSvc - ok
18:29:59.0810 3360	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
18:29:59.0821 3360	swenum - ok
18:29:59.0853 3360	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:29:59.0882 3360	swprv - ok
18:29:59.0918 3360	SysMain         (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
18:29:59.0967 3360	SysMain - ok
18:29:59.0982 3360	TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
18:30:00.0011 3360	TabletInputService - ok
18:30:00.0032 3360	TapiSrv         (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
18:30:00.0060 3360	TapiSrv - ok
18:30:00.0075 3360	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:30:00.0109 3360	TBS - ok
18:30:00.0192 3360	Tcpip           (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
18:30:00.0221 3360	Tcpip - ok
18:30:00.0234 3360	TCPIP6          (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
18:30:00.0257 3360	TCPIP6 - ok
18:30:00.0269 3360	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
18:30:00.0292 3360	tcpipreg - ok
18:30:00.0310 3360	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
18:30:00.0331 3360	TDPIPE - ok
18:30:00.0364 3360	TDTCP           (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
18:30:00.0391 3360	TDTCP - ok
18:30:00.0416 3360	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
18:30:00.0448 3360	tdx - ok
18:30:00.0590 3360	TeamViewer6     (1c46c27e9f1938b9589859c70450d275) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
18:30:00.0629 3360	TeamViewer6 - ok
18:30:00.0693 3360	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
18:30:00.0703 3360	TermDD - ok
18:30:00.0726 3360	TermService     (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
18:30:00.0757 3360	TermService - ok
18:30:00.0769 3360	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:30:00.0795 3360	Themes - ok
18:30:00.0818 3360	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:30:00.0839 3360	THREADORDER - ok
18:30:00.0862 3360	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:30:00.0902 3360	TrkWks - ok
18:30:00.0942 3360	TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
18:30:00.0967 3360	TrustedInstaller - ok
18:30:00.0986 3360	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:30:01.0024 3360	tssecsrv - ok
18:30:01.0052 3360	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
18:30:01.0078 3360	tunnel - ok
18:30:01.0082 3360	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:30:01.0091 3360	uagp35 - ok
18:30:01.0109 3360	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
18:30:01.0149 3360	udfs - ok
18:30:01.0172 3360	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:30:01.0204 3360	UI0Detect - ok
18:30:01.0227 3360	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:30:01.0237 3360	uliagpkx - ok
18:30:01.0261 3360	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
18:30:01.0285 3360	umbus - ok
18:30:01.0304 3360	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:30:01.0314 3360	UmPass - ok
18:30:01.0335 3360	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:30:01.0377 3360	upnphost - ok
18:30:01.0412 3360	usbaudio        (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
18:30:01.0424 3360	usbaudio - ok
18:30:01.0451 3360	usbccgp         (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
18:30:01.0467 3360	usbccgp - ok
18:30:01.0479 3360	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
18:30:01.0508 3360	usbcir - ok
18:30:01.0533 3360	usbehci         (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
18:30:01.0553 3360	usbehci - ok
18:30:01.0586 3360	usbhub          (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
18:30:01.0625 3360	usbhub - ok
18:30:01.0647 3360	usbohci         (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
18:30:01.0672 3360	usbohci - ok
18:30:01.0713 3360	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:30:01.0745 3360	usbprint - ok
18:30:01.0782 3360	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:30:01.0801 3360	usbscan - ok
18:30:01.0826 3360	USBSTOR         (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:30:01.0836 3360	USBSTOR - ok
18:30:01.0848 3360	usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
18:30:01.0879 3360	usbuhci - ok
18:30:01.0908 3360	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:30:01.0942 3360	UxSms - ok
18:30:01.0979 3360	VaultSvc        (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:30:01.0991 3360	VaultSvc - ok
18:30:02.0012 3360	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:30:02.0022 3360	vdrvroot - ok
18:30:02.0046 3360	vds             (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
18:30:02.0084 3360	vds - ok
18:30:02.0103 3360	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:30:02.0116 3360	vga - ok
18:30:02.0128 3360	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:30:02.0152 3360	VgaSave - ok
18:30:02.0167 3360	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
18:30:02.0185 3360	vhdmp - ok
18:30:02.0205 3360	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
18:30:02.0218 3360	viaagp - ok
18:30:02.0221 3360	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:30:02.0244 3360	ViaC7 - ok
18:30:02.0303 3360	VIAHdAudAddService (4b1c025d194bbb41b1d7e86b54d88dc1) C:\Windows\system32\drivers\viahduaa.sys
18:30:02.0329 3360	VIAHdAudAddService - ok
18:30:02.0337 3360	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
18:30:02.0346 3360	viaide - ok
18:30:02.0360 3360	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
18:30:02.0369 3360	volmgr - ok
18:30:02.0382 3360	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:30:02.0397 3360	volmgrx - ok
18:30:02.0416 3360	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
18:30:02.0431 3360	volsnap - ok
18:30:02.0454 3360	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:30:02.0469 3360	vsmraid - ok
18:30:02.0511 3360	VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
18:30:02.0558 3360	VSS - ok
18:30:02.0586 3360	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:30:02.0613 3360	vwifibus - ok
18:30:02.0632 3360	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:30:02.0658 3360	vwififlt - ok
18:30:02.0685 3360	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:30:02.0725 3360	W32Time - ok
18:30:02.0735 3360	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:30:02.0746 3360	WacomPen - ok
18:30:02.0762 3360	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:02.0783 3360	WANARP - ok
18:30:02.0786 3360	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:02.0806 3360	Wanarpv6 - ok
18:30:02.0845 3360	wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
18:30:02.0893 3360	wbengine - ok
18:30:02.0913 3360	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:30:02.0948 3360	WbioSrvc - ok
18:30:02.0975 3360	wcncsvc         (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
18:30:02.0997 3360	wcncsvc - ok
18:30:03.0008 3360	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:30:03.0038 3360	WcsPlugInService - ok
18:30:03.0072 3360	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:30:03.0082 3360	Wd - ok
18:30:03.0106 3360	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:30:03.0123 3360	Wdf01000 - ok
18:30:03.0133 3360	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:30:03.0168 3360	WdiServiceHost - ok
18:30:03.0172 3360	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:30:03.0193 3360	WdiSystemHost - ok
18:30:03.0222 3360	WebClient       (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
18:30:03.0238 3360	WebClient - ok
18:30:03.0257 3360	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:30:03.0288 3360	Wecsvc - ok
18:30:03.0302 3360	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:30:03.0340 3360	wercplsupport - ok
18:30:03.0366 3360	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:30:03.0391 3360	WerSvc - ok
18:30:03.0415 3360	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:30:03.0438 3360	WfpLwf - ok
18:30:03.0447 3360	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:30:03.0461 3360	WIMMount - ok
18:30:03.0516 3360	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:30:03.0538 3360	WinDefend - ok
18:30:03.0548 3360	WinHttpAutoProxySvc - ok
18:30:03.0591 3360	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:30:03.0632 3360	Winmgmt - ok
18:30:03.0685 3360	WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
18:30:03.0735 3360	WinRM - ok
18:30:03.0793 3360	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
18:30:03.0805 3360	WinUsb - ok
18:30:03.0830 3360	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:30:03.0873 3360	Wlansvc - ok
18:30:03.0965 3360	wlidsvc         (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:30:04.0001 3360	wlidsvc - ok
18:30:04.0056 3360	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:30:04.0073 3360	WmiAcpi - ok
18:30:04.0092 3360	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:30:04.0119 3360	wmiApSrv - ok
18:30:04.0169 3360	WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:30:04.0215 3360	WMPNetworkSvc - ok
18:30:04.0229 3360	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:30:04.0249 3360	WPCSvc - ok
18:30:04.0259 3360	WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
18:30:04.0277 3360	WPDBusEnum - ok
18:30:04.0290 3360	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:30:04.0324 3360	ws2ifsl - ok
18:30:04.0348 3360	wscsvc          (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
18:30:04.0375 3360	wscsvc - ok
18:30:04.0377 3360	WSearch - ok
18:30:04.0442 3360	wuauserv        (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
18:30:04.0504 3360	wuauserv - ok
18:30:04.0528 3360	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:30:04.0569 3360	WudfPf - ok
18:30:04.0609 3360	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:04.0641 3360	WUDFRd - ok
18:30:04.0657 3360	wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
18:30:04.0694 3360	wudfsvc - ok
18:30:04.0710 3360	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:30:04.0741 3360	WwanSvc - ok
18:30:04.0797 3360	xusb21          (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
18:30:04.0809 3360	xusb21 - ok
18:30:04.0873 3360	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:30:04.0962 3360	\Device\Harddisk0\DR0 - ok
18:30:04.0965 3360	Boot (0x1200)   (c15ce70988754d4539222e3d2ce63cb6) \Device\Harddisk0\DR0\Partition0
18:30:04.0966 3360	\Device\Harddisk0\DR0\Partition0 - ok
18:30:04.0989 3360	Boot (0x1200)   (d62d625a66a550f16095e325e6ac3c64) \Device\Harddisk0\DR0\Partition1
18:30:04.0990 3360	\Device\Harddisk0\DR0\Partition1 - ok
18:30:04.0991 3360	============================================================
18:30:04.0991 3360	Scan finished
18:30:04.0991 3360	============================================================
18:30:05.0002 3368	Detected object count: 2
18:30:05.0002 3368	Actual detected object count: 2
18:30:12.0954 3368	AODDriver4.01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:12.0954 3368	AODDriver4.01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:30:12.0955 3368	ntiomin ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:12.0955 3368	ntiomin ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:30:24.0032 1380	Deinitialize success
         
